P5&P6
I will be discussing the legal and ethical issues in relation to the use of nationwide. The legal
issues I will talk about are the computer misuse act 1990,the freedom of information act
2000 and data protection act 1998. The ethical issues I will talk about are the use of email,
whistleblowing and use of the internet.
The legal issues:
The Computer Misuse Act 1990 : is an Act of the Parliament of the United Kingdom,
introduced partly in response to the decision in R v Gold & Schifrin (1988) 1 AC 1063 (see
below). Critics of the bill complained that it was introduced hastily and was poorly thought
out Intention, they said, was often difficult to prove, and that the bill inadequately
differentiated "joyriding" hackers like Gold and Schifrin from serious computer criminals.
The Act has nonetheless become a model from which several other countries, including
Canada and the Republic of Ireland, have drawn inspiration when subsequently drafting
their own information security laws, as it is seen "as a robust and flexible piece of legislation
in terms of dealing with cybercrime.
There was a serious case of customer misuse at nationwide when the insurance computers
were hacked. The attack occurred on Oct. 3. Nationwide said it took steps at the time to secure its
network and has been working with law enforcement to investigate. It also has hired experts to
analyse the data and the computer network. More than 1million people were affected.

The Freedom of Information Act 2000 (c.36) is an Act of Parliament of the Parliament of the
United Kingdom that creates a public "right of access" to information held by public
authorities. It is the implementation of freedom of information legislation in the United
Kingdom on a national level. The Act implements a manifesto commitment of the Labour
Party in the 1997 general election, developed by Dr David Clark as a 1997 White Paper. The

final version of the Act is believed [by whom?] to have been diluted from that proposed
while Labour was in opposition. The full provisions of the act came into force on 1 January
2005.
There was an example of this act taken into consideration for nationwide as they changed
an number of fees on mortgages and this caused there to be a rise in interest for customers.
One customer wrote to nationwide and requested: Copies of all documents they hold
(including letters, emails and minutes) which record
communication with Nationwide on the issue of these
changes to their mortgage charges; and Any internal
authorization or discussion papers on the issue of these
changes to Nationwide's mortgage charges.
The customer then had to pay a fee just to have this
information sent to him.

The Data Protection Act controls how your personal information is used by organizations,
businesses or the government.
Everyone who is responsible for using data has to follow strict rules called ‘data protection
principles’. They must make sure the information is:
• used fairly and lawfully
• used for limited, specifically stated purposes
• used in a way that is adequate, relevant and not excessive
• accurate
• kept for no longer than is absolutely necessary
• handled according to people’s data protection rights
• kept safe and secure
• not transferred outside the UK without adequate protection
There is stronger legal protection for more sensitive information, such as:
• ethnic background
• political opinions
• religious beliefs
• health
• sexual health
• criminal records
nationwide had breached the data protection act in 2007 along with many other banks.
They disregarded their customers information which was to be kept confidential. These files
then got out and customers privacy had been taken away from them . this is all due to the
fact that an employee took a laptop home where it was later stolen. Nationwide then
refused to give names as to who’s accounts and information had been looked at. This

caused a lot of outrage and customers wanted to use the data protection act to find out
what they needed to know about their personal details and if they had been accessed by
somebody else. However customers were told that they couldn’t use the data protection
act as a way to find out what happened. Assistant Commissioner Phil Jones said : ‘The
obligation is to tell you what information they hold, "but you and I don't have rights to

require someone to tell us what data is held in what particular kit in what particular place.
nationwide doesn’t have their data protection act on their website so customers are not
able to see it. However they do keep a lot of personal information because they are a
building society. They use the dat protection when it comes to dealing with customers and
accounts, this includes it being kept safe and secure.

Ethical issues:
Nationwide doesn’t sponsor any fair trade or a charity.
Ethical issues regarding emails means that the emails sent in and out of the company have
to be appropriate and adhere to the business. Many companies have a code of practice on
the correct use of email. The employees will not be able to use email to do things such as
distribute committee papers, for confidential use or as a substitute for face to face
communication with colleague’s.
When it comes to use of email nationwide have the same thing they have with the use of
internet, they have technicians monitoring it and if anything unusual comes up the
technicians then flag it to the managers, however there are some other precautions like the
private email that is set up between employees and customers so it is highly confidential.

Whistle blowing:
Whistle blowing in a business is when an employee will have a concern about what the
business is practicing. They will raise this concern to either management or an outside
organisation such as the newspapers. This can have anything to do with fraud, crime or
anything that could impact on customers, colleagues, shareholders or the organisations
reputation. They can receive legal protection which is known as the public interest
disclosure act.

Use of the internet:
Companies also have policies on the use of internet
and what employees can and cannot use it for. There
are even codes of practice which run selling on the
internet which businesses will adhere to.
Nationwide has a block on their internet which
prevents employees looking at inappropriate or things unrelated to the organisation. When
you go into the bank and you get served at the cashier desk the computers there are
monitored so employees are not giving out information on networking sites.

Health and safety:
The Health and Safety at Work etc. Act 1974 is an Act of the Parliament of the United Kingdom that
as of 2011 defines the fundamental structure and authority for the encouragement, regulation and
enforcement of workplace health, safety and welfare within the United Kingdom. The health and

safety of staff is very important in a bank the reason for this is because they can serve
customers who might get angry when refused a loan etc. many office based jobs need
employers to spend a substantial amount of time sat at their desk. This can cause things
such as bad posture, back aches etc. this is
why nationwide provide their staff with
comfortable chairs and breaks every hour.

Organisational policies:
Organisational policies that relate to the use of business information can help make sure
decisions affecting staff are:
-understandable
-meet legal requirements
-take full account of their impact
These policies are set in place to make sure that the staff has guidance and complies with
the legislation. For example the data protection act.